Proxy software

melo@simplicidade.org (Pedro Melo) — Fri, 21 Apr 2017 10:08:42 +0100

A small list of proxy software that I use, or that have crossed my radar.

nginx

A single stop solution for all your HTTP, HTTP/2, TCP proxy needs. This is my go-to software today, it covers 80% to 90% of my needs, in a single package with a common configuration language. Why run multiple services if a single one covers what you need… Also, wicked fast. I really avoid going to others unless there is a clear need for it.

The weakest point for nginx is that dynamic reconfiguration, specially of backend configurations, are only available with the paid version, nginx Plus. But you can get a long way there with a small sidecar process that listens to service discovery updates, rewrites nginx configuration files, and asks nginx to reload them.

nginx features that are rareley mentioned: you can upgrade the nginx version without downtime. I haven’t came across any other proxy software that does this. But admitelly I haven’t looked that hard either…

See also tengine, a nginx distribution originaly by Taobao.

haproxy

haproxy is the grand daddy of reverse proxies. Very easy to setup, simpler than nginx. Has a nice built-in HTTP status interface.

At the moment, nginx does everything that I need that haproxy has, and I don’t need the extras that haproxy has that nginx lacks. If I already have nginx running it makes little sense to add another service. But if I just need plain TCP reverse proxy, then I prefer haproxy. It boild down to reducing the number of services I have to have running.

Varnish

Another classic. If you have strong caching needs, Varnish is the software to use.

Used to be he most flexible software in terms of configuration due to the use of very complete request routing language, VCL. But recent releases of haproxy, with Lua support, and nginx (either with Lua support on the OpenResty version, or the new nginScript), you might have similar capabilities with the others.

Fabio

My current favorite to replace nginx (although see traeffik below…): integration with Consul, Vault, PROXY Protocol Support for easier integration with Amazon load-balancers and haproxy, and traffic shapping for canary deployments.

See the full feature list.

My only concern is that there is mainly one commiter. This is true of multiple software projects I use (Redis comes to mind), but still, I tend to approach these situations with care.

Others

Other software projects to look at someday: